"Yesterday (June 14), we learned that a hacker gained unauthorized access to the decade-old BioWare community server system associated with the Neverwinter Nights forums. We immediately took appropriate steps to protect our consumers' data and launched an ongoing evaluation of the seriousness of the breach. We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers. However, hackers may have obtained your user account name and password, email address, country and date of birth, as well as other information (if any) that you may have associated with your EA Account. As a result, we have changed your password to ensure account security. Please visit this https://www.ea.com/ca/blablabla [not the actual URL] to reset your password immediately.

We take the security of your information very seriously and regret any inconvenience this may have caused you. If your username, email address and/or password on the Neverwinter Nights forums are similar to those you use on other sites, we recommend changing the password at those sites as well. We advise all of our fans to always be aware of any suspicious emails or account activity and report any suspicious emails and account activity to Customer Support at 1-866-543-5435.

If you have questions, please visit our FAQ at Answer or contact Customer Support at the phone number above."

It may seem strange, but in a way, Lulzsec is doing a great public service. It's been long discussed in IT circles that the vast majority of sites do not publicly disclose security breaches, resulting in a false sense of security online.

Lulzsec isn't doing anything that wasn't already happening before. It's just that the people doing it profit more by selling and exploiting the collected data instead of publicizing it. In fact, they'd rather we didn't know.

The main problem is that IT development from silicon to high-level code has an emphasis on features and rapid deployment at the cost of security. Even Intel's chipset hypervisors have been exploited. The most thorough emphasis we see in security is DRM -- at a ridiculous cost to consumers via inflated hardware specs for media players to play DVD and Blu-ray content; our PC performance suffers in different ways because of DRM too.

Anyway, just because PayPal account credentials were released doesn't mean PayPal was compromised. Surely it has been many times over the years, but not necessarily in this case. The credentials released by Lulzsec may have been collected from compromised personal computers.

While it's not directly related to website security, a lot of the following article is relevant:

I'm waiting for the day our personally identifiable search histories Google keeps in a database for years are exposed or leaked. That will be embarrassing for a lot of people or perhaps a targeted public figure. But who cares about privacy, right?